Why Comply with CISP?
The following information was taken directly from Visa’s website (
http://www.visa.com/cisp):
The CISP requirements help Visa members, merchants, and service providers protect their
information assets and meet the obligations to the Visa payment structure. Other benefits
include:
• Consumer confidence: Reports of hacker attacks, stolen credit card numbers,
and identity theft have left consumers demanding absolute assurance that their
account data and other personal information is safe.
• Minimized threat to your reputation and financial health: Financial and
resource outlay is minimal compared to the costs associated with the reactive
hiring of security and public relations specialists, or the loss of significant revenue
and customer goodwill that can result from a compromise.
If a merchant or service provider refuses to participate in CISP, Visa may impose a fine on
the responsible Visa Member. Ultimately, merchants and their service providers must meet
the CISP requirements to continue to accept Visa Payment products.
CISP compliance penalties
Failure to comply with CISP standards or to rectify a security issue may result in:
• Fines (described below)
• Restrictions on the merchant; or
• Permanent prohibition of the merchant or service provider's participation in Visa
programs.
The following fines apply for non-compliance, within a rolling 12-month period:
• First violation: $50,000
• Second violation: $100,000
• Third violation: Management discretion
More Information
(
Note: VeriFone, Inc. highly recommends that you contact whoever set up
your ability to process transactions and find out exactly what they mandate
and/or recommend. Doing so may help merchants protect themselves from
fines and fraud. For more information related to security, visit:
•
http://www.visa.com/cisp
•
http://www.sans.org/resources
•
http://www.microsoft.com/security/default.asp
•
https://sdp.mastercardintl.com
13